The Developers Alliance 2020 European Policy Update
EU Commission President Ursula von der Leyen delivering her State Of The Union address on September 16 2020. CC-BY-4.0: © European Union 2020 – Source: EP.
Upcoming EU Digital Regulations
Commission President von der Leyen Looks “To Strengthen Europe’s Digital Sovereignty”
On September 16, Ursula von der Leyen, President of the European Commission, presented the annual State of the Union. The Commission set an ambitious agenda “to strengthen Europe’s digital sovereignty”. This includes, among others, measures aimed to build high-performance computing, cloud infrastructure, common data sharing spaces and an EU digital identity. The upcoming regulation for artificial intelligence was mentioned as well, “…algorithms must not be a black box and there must be clear rules if something goes wrong.”
Digital Service Act Positions Near Completion
While the European Commission is drafting the future regulatory proposals, with an eye on the outcome of the stakeholder consultations (here is some of our input), the European Parliament is finalising its positions on the future Digital Services Act and Artificial Intelligence.
Privacy and Child Protection Online
Commission Proposes Privacy “Temporary Exemption”
On 10 September, the European Commission proposed a temporary exemption (from 21 December 2020 until 31 December 2025) from the current privacy rules to allow communications service providers to use technologies to detect, report and remove child sexual abuse material. The draft regulation has to be approved by the European Parliament and the Council of the EU.
The UK Looks To Make Software Development “Age Appropriate”
The UK Information Commissioner’s Office (ICO) presented an Age Appropriate Design Code, which came into force on 2 September 2020 with a 12 month transition period. The code is said to be “….rooted in the United Nations Convention on the Rights of the Child (UNCRC) that recognises the special safeguards children need in all aspects of their life.” The UK Information Commissioner’s Office (ICO) stated: “The code delivers on that mandate and requires information society services to put the best interests of the child first when they are designing and developing apps, games, connected toys and websites that are likely to be accessed by them.” The code is the first of its kind.
YouTube Accused Of Unlawfully Targeting Children
A class-action lawsuit was filed against YouTube in the UK, alleging it “routinely breaks UK and European privacy laws, unlawfully target young children with addictive programming and harvest their data for advertisers.” The lawsuit specifically mentions the UK’s Data Protection Act and the EU’s General Data Protection Regulation (GDPR). The lawsuit was brought to the UK’s High Court by Foxglove, a non-governmental organization focused on “tech accountability.” In their release Foxglove states that this “…new lawsuit aims to force YouTube to stop spying on children under 13 and to compensate millions of underage users.”
Data Protection
Are You A Controller Or Processor Under GDPR? Submit Your Feedback On The Process
The European Data Protection Board issued Guidelines on the concepts of controller and processor in the GDPR and invited stakeholders to comment. The submission period opened on 7 September and will last until October 19th 2020 at the latest. If you are or work with, an organization that is a data controller or processor, we highly suggest that you submit your feedback to the European Data Protection Board before the window closes. The feedback can be submitted here.
French Tech Industry Details Concern With Privacy Shield Strikedown
Three French tech associations (L’Asic, Syntec Numérique et TECH IN France) expressed their concerns regarding the impact on small companies of the recent invalidation of the EU-US Privacy Shield by the EU Court. They are calling for transitory measures to help the companies that depend on international data flows, and that are now required to assess the adequacy level by themselves.
Noyb’s Crusade Continues; Calls Data Transfer “Pandora’s Box”
Noyb, the Austrian NGO that initiates strategic legal battles on privacy (mostly on EU-US data transfers), issued a report showing how companies are addressing their international data transfers after the CJEU’s ruling in C-311/18 – Schrems II. The report details Noyb’s letters to various tech companies, including Microsoft, Airbnb, Slack, Netflix, and more after the ruling, in order to see how they respond and if they’re complying with the ruling. Noyb was not satisfied with the answers they received.
Swiss Find US Data Transfer Protection Inadequate
The Swiss the Federal Data Protection and Information Commissioner (FDPIC) considers that the CH-US Privacy Shield does not provide an adequate level of protection for data transfer from Switzerland to the U.S. The regime can still be invoked by those concerned as long as it is not revoked by the U.S.
EU Courts
Court Of Justice Looks To Enshrine Internet Neutrality
The Court of Justice of the European Union provided on September 15, for the first time, interpretation on the EU regulation enshrining ‘internet neutrality.’
“The requirements to protect internet users’ rights and to treat traffic in a non-discriminatory manner preclude an internet access provider from favouring certain applications and services by means of packages enabling those applications and services to benefit from a ‘zero tariff’ and making the use of the other applications and services subject to measures blocking or slowing down traffic.”
Advocate-General Szpunar Finds Embedding And Inline Linking Requires Rights Permission
According to the opinion of the Advocate-General Szpunar issued on September 10 “embedding in a webpage of works from other websites by means of automatic links (inline linking) requires the authorisation of the holder of the rights in those works.” However, he states that embedding by means of clickable links using the framing technique does not require right holders authorisation, which is deemed to have been given when the work was initially made available.
Competition
EU Commission Asks Court of Justice To Hear Apple/Ireland State Aid Case
The European Commission decided to appeal the General Court’s July 2020 judgment on the Apple tax state aid case in Ireland (August 2016), concerning the legality of the selective tax bread granted to the company by Ireland. The European Commission details in their statement, “The General Court judgment raises important legal issues that are of relevance to the Commission in its application of State aid rules to tax planning cases. The Commission also respectfully considers that in its judgment the General Court has made a number of errors of law. For this reason, the Commission is bringing this matter before the European Court of Justice.”
Italian Competition Authority Launches “Big Tech” Cloud Investigation
The Italian Competition Authority launched on September 7 an investigation initiated against Google, Apple and Dropbox regarding cloud computing services. The proceedings relate to alleged unfair commercial practices and the possible presence of unfair clauses in the contractual conditions.
Northern Europe Reveals Digital Platform Position
The Nordic Competition authorities issued their position, “Digital Platforms And The Potential Changes To Competition Law At The European Level.” The position details the Nordic countries’ stance on the regulatory proposals on digital platforms and on adapting the European competition policy. Highlights from the twenty-page paper include,
-
“Overall, the Nordic competition authorities support the evaluation of such new regulatory initiatives being conducted by the European Commission. At the same time, we stress the importance of duly considering the advantages and risks associated with a regulatory intervention for companies and consumers, and the need to protect legal certainty and ensure predictability.”
Miscellaneous
Invested In Crypto-Assets? New Legislation Inbound
The European Commission proposed a legislative package on crypto-assets as part of its Digital Finance Strategy. This includes a Regulation on Markets in Crypto-Assets and a pilot regime (temporary derogations within a controlled environment) for market infrastructures that wish to try to trade and settle transactions in financial instruments in crypto-asset form. The legislation is being billed by the commission as an “…ambitious approach to encourage responsible innovation to benefit consumers and businesses.”
EU National Apps Look To Interoperability Gateway Service
The European Commission set up an interoperability gateway service linking national apps across the EU. It also has kicked off test runs between the backend servers of the official apps from the Czech Republic, Denmark, Germany, Ireland, Italy and Latvia, and a newly established gateway server.
Audiovisual Media Services Directive Passage Deadline Passes
On September 19 the deadline for the Member States to transpose the Audiovisual Media Services Directive into national law expired. After a revision in 2018 the law “…provides rules to protect vulnerable viewers and children sharing videos online, combat racial and religious hatred as well as create a level playing field for audiovisual media services, preserve cultural diversity including European works, and guarantee the independence of national media regulators.” Additionally, the new rules look to bolster the incoming Digital Services Act. Both laws will seek to “…clarify the responsibilities of online platforms and social media.”
Amsterdam And Helsinki AI Registries To Show Citizens How AI Affects Daily Life
Amsterdam and Helsinki have launched AI registries that show how algorithms are used to deliver public services. The registries provide information related to the datasets used to train the models, how the algorithms are used, and how they are assessed for potential risks or biases. The citizens can give feedback. These initiatives are part of a European project supported by the European Commission, Next Generation Internet Policy Summit.
Happy EU CyberSecurity Month!
October is the EU CyberSecurity Month. The awareness-raising campaign is coordinated by the European Union Agency for Cybersecurity (ENISA) and the European Commission, and supported by the EU Member States and partners, such as governments, universities, think tanks, NGOs, professional associations, private sector business from Europe, and beyond.
